Skip to main content

CyberArk PAS

This Integration is part of the CyberArk Pack.#

Use the CyberArk Privileged Access Security (PAS) solution to manage users, safes, vaults, and accounts from Cortex XSOAR.

Configure CyberArkPAS in Cortex#

ParameterDescriptionRequired
urlServer URL (e.g., https://example.net\)True
credentialsUsernameTrue
isFetchFetch incidentsFalse
max_fetchMax fetchFalse
fetch_timeFirst fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)False
scoreCyberArk PAS score (0.0-100.0)False
incidentTypeIncident typeFalse
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cyberark-pas-user-add#


Add a new user to the vault.

To run this command, you must have the following permissions:

  • Add Users
  • Update Users

Base Command#

cyberark-pas-user-add

Input#

Argument NameDescriptionRequired
usernameThe name of the user.Required
user_typeThe user type according to the license.Optional
non_authorized_interfacesThe CyberArkPAS interfaces that this user is not authorized to use, e.g., - "PSM", "PSMP"Optional
locationThe location in the vault where the user will be created. Must begin with "\". If just "\", the vault is in the root.Optional
expiry_dateThe date when the user credentials expire. Must be in the following timestamp format: (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year).Optional
passwordThe password that the user will use to log in for the first time.Required
change_password_on_the_next_logonWhether or not the user must change the user password from the second log in onward. Can be 'true' or 'false'. Default is 'true'.Optional
password_never_expiresWhether the user’s password will not expire unless they decide to change it. Can be 'true' or 'false'. Default is 'false'.Optional
vault_authorizationA comma-separated list of user permissions. Valid values are: AuditUsers, AddUpdateUsers, ResetUsersPasswords, ActivateUsers, AddNetworkAreas, ManageDirectoryMapping, ManageServerFileCategories, BackupAllSafes, RestoreAllSafes e.g., AddSafes,AuditUsersOptional
descriptionNotes and comments.Optional
emailThe email address of the user.Optional
first_nameThe first name of the user.Optional
last_nameThe last name of the user.Optional
enable_userWhether the user will be enabled upon creation. Can be 'true' or 'false'. Default is 'true'.Optional
distinguished_nameThe distinguished name of the user. The usage is for PKI authentication. This will match the certificate subject name or domain name.Optional
professionThe profession of the user.Optional

Context Output#

PathTypeDescription
CyberArkPAS.Users.idNumberThe unique ID of the user.
CyberArkPAS.Users.authenticationMethodStringThe authentication method of the user.
CyberArkPAS.Users.changePassOnNextLogonBooleanWhether or not the user must change the user password.
CyberArkPAS.Users.descriptionStringDescription of the user.
CyberArkPAS.Users.enableUserBooleanWhether or not the user is enabled.
CyberArkPAS.Users.expiryDateNumberThe expiry date of the user credentials.
CyberArkPAS.Users.internet.businessEmailStringThe email address of the user.
CyberArkPAS.Users.lastSuccessfulLoginDateNumberThe last successful login date of the user.
CyberArkPAS.Users.locationStringThe location in the vault where the user will be created.
CyberArkPAS.Users.personalDetails.professionStringThe profession of the user.
CyberArkPAS.Users.suspendedBooleanWhether or not the user is suspended.
CyberArkPAS.Users.userTypeStringThe type of the user.
CyberArkPAS.Users.usernameStringThe name of the user.
CyberArkPAS.Users.vaultAuthorizationStringThe permissions of the user.

Command Example#

!cyberark-pas-user-add username="TestUser" password="12345Aa" change_password_on_the_next_logon=true description="new user for test" email="usertest@test.com" enable_user=true first_name="user" last_name="test" profession="testing integrations"

Context Example#

{
"CyberArkPAS": {
"Users": {
"authenticationMethod": [
"AuthTypePass"
],
"businessAddress": {
"workCity": "",
"workCountry": "",
"workState": "",
"workStreet": "",
"workZip": ""
},
"changePassOnNextLogon": true,
"componentUser": false,
"description": "new user for test",
"distinguishedName": "",
"enableUser": true,
"expiryDate": -62135578800,
"groupsMembership": [],
"id": 150,
"internet": {
"businessEmail": "usertest@test.com",
"homeEmail": "",
"homePage": "",
"otherEmail": ""
},
"lastSuccessfulLoginDate": 1597830302,
"location": "\\",
"passwordNeverExpires": false,
"personalDetails": {
"city": "",
"country": "",
"department": "",
"firstName": "user",
"lastName": "test",
"middleName": "",
"organization": "",
"profession": "testing integrations",
"state": "",
"street": "",
"title": "",
"zip": ""
},
"phones": {
"businessNumber": "",
"cellularNumber": "",
"faxNumber": "",
"homeNumber": "",
"pagerNumber": ""
},
"source": "CyberArk",
"suspended": false,
"unAuthorizedInterfaces": [],
"userType": "EPVUser",
"username": "TestUser",
"vaultAuthorization": []
}
}
}

Human Readable Output#

Results#

authenticationMethodbusinessAddresschangePassOnNextLogoncomponentUserdescriptiondistinguishedNameenableUserexpiryDategroupsMembershipidinternetlastSuccessfulLoginDatelocationpasswordNeverExpirespersonalDetailsphonessourcesuspendedunAuthorizedInterfacesuserTypeusernamevaultAuthorization
AuthTypePassworkStreet:
workCity:
workState:
workZip:
workCountry:
truefalsenew user for testtrue-62135578800150homePage:
homeEmail:
businessEmail: usertest@test.com
otherEmail:
1597830302\ falsestreet:
city:
state:
zip:
country:
title:
organization:
department:
profession: testing integrations
firstName: user
middleName:
lastName: test
homeNumber:
businessNumber:
cellularNumber:
faxNumber:
pagerNumber:
CyberArkfalseEPVUserTestUser

cyberark-pas-user-update#


Update an existing vault user.

To run this command, you must have the following permissions:

  • Add Users or Update Users
  • In order to edit change_password_on_the_next_logon, you must have the Reset Password authorization

Base Command#

cyberark-pas-user-update

Input#

Argument NameDescriptionRequired
usernameThe name of the user.Optional
user_typeUser type according to the license.Optional
non_authorized_interfacesThe CyberArkPAS interfaces that this user is not authorized to use, e.g., "PSM", "PSMP"Optional
locationThe location in the vault where the user will be created. Must begin with "\". If just "\", the vault is in the root.Optional
expiry_dateThe date when the user expires. Must be in the following timestamp format: (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year).Optional
change_password_on_the_next_logonWhether or not the user must change their password from the second log on onward. Can be 'true' or 'false'. Default is 'true'.Optional
password_never_expiresWhether the user’s password will not expire unless they decide to change it. Can be 'true' or 'false'. Default is 'false'.Optional
vault_authorizationA comma-separated list of user permissions. Valid values are: AddSafes, AuditUsers, AddUpdateUsers, ResetUsersPasswords, ActivateUsers, AddNetworkAreas, ManageDirectoryMapping, ManageServerFileCategories, BackupAllSafes, RestoreAllSafes e.g., AddSafes,AuditUsersOptional
descriptionNotes and comments.Optional
emailThe email addresses of the user.Optional
first_nameThe first name of the user.Optional
last_nameThe last name of the user.Optional
enable_userWhether the user will be enabled upon creation. Can be 'true' or 'false'. Default is 'true'.Optional
distinguished_nameThe distinguished name of the user. The usage is for PKI authentication. This will match the certificate subject name or domain name.Optional
professionThe profession of the user.Optional
user_idThe ID of the user to update.Required

Context Output#

PathTypeDescription
CyberArkPAS.Users.idNumberThe unique ID of the user.
CyberArkPAS.Users.authenticationMethodStringThe authentication method for the user.
CyberArkPAS.Users.changePassOnNextLogonBooleanWhether or not the user must change the user password.
CyberArkPAS.Users.descriptionStringDescription of the user.
CyberArkPAS.Users.enableUserBooleanWhether or not the user is enabled.
CyberArkPAS.Users.expiryDateNumberThe expiry date of the user.
CyberArkPAS.Users.internet.businessEmailStringThe email address of the user.
CyberArkPAS.Users.lastSuccessfulLoginDateNumberThe last successful login date of the user.
CyberArkPAS.Users.locationStringThe location in the vault where the user will be created.
CyberArkPAS.Users.personalDetails.professionStringThe profession of the user.
CyberArkPAS.Users.suspendedBooleanWhether or not the user is suspended.
CyberArkPAS.Users.userTypeStringThe type of the user.
CyberArkPAS.Users.usernameStringThe name of the user.
CyberArkPAS.Users.vaultAuthorizationStringThe permissions of the user.

Command Example#

!cyberark-pas-user-update user_id=150 change_password_on_the_next_logon=true description="updated description" email="update@test.com" first_name="test1" last_name="updated-name" username="TestUser1" profession="test1"

Context Example#

{
"CyberArkPAS": {
"Users": {
"authenticationMethod": [
"AuthTypePass"
],
"businessAddress": {
"workCity": "",
"workCountry": "",
"workState": "",
"workStreet": "",
"workZip": ""
},
"changePassOnNextLogon": true,
"componentUser": false,
"description": "updated description",
"distinguishedName": "",
"enableUser": true,
"expiryDate": -62135578800,
"groupsMembership": [],
"id": 150,
"internet": {
"businessEmail": "update@test.com",
"homeEmail": "",
"homePage": "",
"otherEmail": ""
},
"lastSuccessfulLoginDate": 1597830302,
"location": "\\",
"passwordNeverExpires": false,
"personalDetails": {
"city": "",
"country": "",
"department": "",
"firstName": "test1",
"lastName": "updated-name",
"middleName": "",
"organization": "",
"profession": "test1",
"state": "",
"street": "",
"title": "",
"zip": ""
},
"phones": {
"businessNumber": "",
"cellularNumber": "",
"faxNumber": "",
"homeNumber": "",
"pagerNumber": ""
},
"source": "CyberArk",
"suspended": false,
"unAuthorizedInterfaces": [],
"userType": "EPVUser",
"username": "TestUser1",
"vaultAuthorization": []
}
}
}

Human Readable Output#

Results#

authenticationMethodbusinessAddresschangePassOnNextLogoncomponentUserdescriptiondistinguishedNameenableUserexpiryDategroupsMembershipidinternetlastSuccessfulLoginDatelocationpasswordNeverExpirespersonalDetailsphonessourcesuspendedunAuthorizedInterfacesuserTypeusernamevaultAuthorization
AuthTypePassworkStreet:
workCity:
workState:
workZip:
workCountry:
truefalseupdated descriptiontrue-62135578800150homePage:
homeEmail:
businessEmail: update@test.com
otherEmail:
1597830302\ falsestreet:
city:
state:
zip:
country:
title:
organization:
department:
profession: test1
firstName: test1
middleName:
lastName: updated-name
homeNumber:
businessNumber:
cellularNumber:
faxNumber:
pagerNumber:
CyberArkfalseEPVUserTestUser1

cyberark-pas-user-delete#


Delete a specific user in the vault.

To run this command, you must have Add Users or Update Users permissions.

Base Command#

cyberark-pas-user-delete

Input#

Argument NameDescriptionRequired
user_idThe ID of the user to delete.Required

Context Output#

PathTypeDescription
CyberArkPAS.Users.DeletedBooleanWhether the user was deleted.

Command Example#

!cyberark-pas-user-delete user_id=150

Context Example#

{
"CyberArkPAS": {
"Users": {
"Deleted": true,
"id": "150"
}
}
}

Human Readable Output#

User 150 was deleted

cyberark-pas-users-list#


Return a list of all existing users in the vault that meet the filter and search criteria.

To run this command, you must have Audit Users permission.

Base Command#

cyberark-pas-users-list

Input#

Argument NameDescriptionRequired
filterRetrieve users using filters. Valid values: userType, componentUser.Optional
searchSearch by the following values: username, first name, last name.Optional

Context Output#

PathTypeDescription
CyberArkPAS.Users.idNumberThe unique IDs of the users.
CyberArkPAS.Users.authenticationMethodStringThe authentication method of the user.
CyberArkPAS.Users.changePassOnNextLogonBooleanWhether or not the users must change their password.
CyberArkPAS.Users.descriptionStringDescriptions of the users.
CyberArkPAS.Users.enableUserBooleanWhether or not the users are enabled.
CyberArkPAS.Users.expiryDateNumberThe expiry dates of the users.
CyberArkPAS.Users.internet.businessEmailStringThe email addresses of the users.
CyberArkPAS.Users.lastSuccessfulLoginDateNumberThe last successful login dates of the users.
CyberArkPAS.Users.locationStringThe locations in the vault where the users were created.
CyberArkPAS.Users.personalDetails.professionStringThe professions of the users.
CyberArkPAS.Users.suspendedBooleanWhether or not the users are suspended.
CyberArkPAS.Users.userTypeStringThe types of the users.
CyberArkPAS.Users.usernameStringThe names of the users.
CyberArkPAS.Users.vaultAuthorizationStringThe permissions of the users.

Command Example#

!cyberark-pas-users-list

Context Example#

{
"CyberArkPAS": {
"Users": [
{
"componentUser": false,
"id": 2,
"location": "\\",
"personalDetails": {
"firstName": "",
"lastName": "",
"middleName": ""
},
"source": "CyberArk",
"userType": "Built-InAdmins",
"username": "Administrator",
"vaultAuthorization": [
"AddUpdateUsers",
"AddSafes",
"AddNetworkAreas",
"ManageDirectoryMapping",
"ManageServerFileCategories",
"AuditUsers",
"BackupAllSafes",
"RestoreAllSafes",
"ResetUsersPasswords",
"ActivateUsers"
]
},
{
"componentUser": false,
"id": 3,
"location": "\\",
"personalDetails": {
"firstName": "",
"lastName": "",
"middleName": ""
},
"source": "CyberArk",
"userType": "Built-InAdmins",
"username": "Auditor",
"vaultAuthorization": [
"AuditUsers"
]
}
}

Human Readable Output#

There are 2 users#

componentUseridlocationpersonalDetailssourceuserTypeusernamevaultAuthorization
false2\ firstName:
middleName:
lastName:
CyberArkBuilt-InAdminsAdministratorAddUpdateUsers,
AddSafes,
AddNetworkAreas,
ManageDirectoryMapping,
ManageServerFileCategories,
AuditUsers,
BackupAllSafes,
RestoreAllSafes,
ResetUsersPasswords,
ActivateUsers
false3\ firstName:
middleName:
lastName:
CyberArkBuilt-InAdminsAuditorAuditUsers

cyberark-pas-user-activate#


Activate an existing vault user who was suspended after entering incorrect credentials multiple times. Uses the V1 of the API and may change in the future.

Base Command#

cyberark-pas-user-activate

Input#

Argument NameDescriptionRequired
user_idThe ID of the user to activate.Required

Context Output#

There is no context output for this command.

Command Example#

!cyberark-pas-user-activate user_id=150

Human Readable Output#

User 150 was activated

cyberark-pas-safes-list#


Return information about all of the user’s safes in the vault.

To run this command, you must be a member of the Safes in the Vault that are returned in the list.

Base Command#

cyberark-pas-safes-list

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
CyberArkPAS.Safes.SafeNameStringThe names of the safes.
CyberArkPAS.Safes.DescriptionStringThe descriptions of the safes.
CyberArkPAS.Safes.LocationStringThe locations of the safes.
CyberArkPAS.Safes.ManagingCPMStringThe name of the Central Policy Manager (CPM) user who will manage the safes.
CyberArkPAS.Safes.NumberOfDaysRetentionNumberThe number of retained versions of every password that is stored in the safes.
CyberArkPAS.Safes.NumberOfVersionsRetentionNumberThe number of days for which password versions are saved in the safes.
CyberArkPAS.Safes.OLACEnabledBooleanWhether or not to enable Object Level Access Control (OLAC) for the safes.

Command Example#

!cyberark-pas-safes-list

Context Example#

{
"CyberArkPAS": {
"Safes": [
{
"Description": "",
"Location": "\\",
"SafeName": "Internal",
"SafeUrlId": "Internal"
},
{
"Description": "",
"Location": "\\",
"SafeName": "Notification",
"SafeUrlId": "Notification"
},
{
"Description": "",
"Location": "\\",
"SafeName": "Reports",
"SafeUrlId": "Reports"
}
]
}
}

Human Readable Output#

There are 3 safes#

DescriptionLocationSafeNameSafeUrlId
\ InternalInternal
\ NotificationNotification
\ ReportsReports

cyberark-pas-safe-get-by-name#


Return information about a specific safe in the vault.

Base Command#

cyberark-pas-safe-get-by-name

Input#

Argument NameDescriptionRequired
safe_nameThe name of the safe about which information is returned.Required

Context Output#

PathTypeDescription
CyberArkPAS.Safes.SafeNameStringThe name of the safe.
CyberArkPAS.Safes.DescriptionStringThe description of the safe.
CyberArkPAS.Safes.LocationStringThe location of the safe.
CyberArkPAS.Safes.ManagingCPMStringThe name of the Central Policy Manager (CPM) user who will manage the safe.
CyberArkPAS.Safes.NumberOfDaysRetentionNumberThe number of retained versions of every password that is stored in the safe.
CyberArkPAS.Safes.NumberOfVersionsRetentionNumberThe number of days for which password versions are saved in the safe.
CyberArkPAS.Safes.OLACEnabledBooleanWhether or not to enable Object Level Access Control (OLAC) for the safe.

Command Example#

!cyberark-pas-safe-get-by-name safe_name=UpdatedName1

Context Example#

{
"CyberArkPAS": {
"Safes": {
"AutoPurgeEnabled": false,
"Description": "UpdatedSafe",
"Location": "\\",
"ManagingCPM": "",
"NumberOfDaysRetention": 150,
"NumberOfVersionsRetention": null,
"OLACEnabled": true,
"SafeName": "UpdatedName1"
}
}
}

Human Readable Output#

Results#

AutoPurgeEnabledDescriptionLocationManagingCPMNumberOfDaysRetentionNumberOfVersionsRetentionOLACEnabledSafeName
falseUpdatedSafe\ 150trueUpdatedName1

cyberark-pas-safe-add#


Add a new safe to the vault.

To run this command, you must have Add Safes permission in the Vault.

Base Command#

cyberark-pas-safe-add

Input#

Argument NameDescriptionRequired
safe_nameName of a safe to create.Required
descriptionDescription of the new safe.Optional
OLAC_enabledWhether or not to enable Object Level Access Control (OLAC) for the new
safe. Valid values are: 'true' or 'false'. Default is 'true'.
Optional
managing_cpmThe name of the Central Policy Manager (CPM) user who will manage the new safe.Optional
number_of_versions_retentionThe number of retained versions of every password that is stored in the safe.Optional
number_of_days_retentionThe number of days for which password versions are saved in the safe.Optional
locationThe location of the new safe.Optional

Context Output#

PathTypeDescription
CyberArkPAS.Safes.SafeNameStringThe name of the safe.
CyberArkPAS.Safes.DescriptionStringThe description of the safe.
CyberArkPAS.Safes.LocationStringThe location of the safe.
CyberArkPAS.Safes.ManagingCPMStringThe name of the Central Policy Manager (CPM) user who will manage the safe.
CyberArkPAS.Safes.NumberOfDaysRetentionNumberThe number of retained versions of every password that is stored in the safe.
CyberArkPAS.Safes.NumberOfVersionsRetentionNumberThe number of days for which password versions are saved in the safe.
CyberArkPAS.Safes.OLACEnabledBooleanWhether or not to enable Object Level Access Control (OLAC) for the safe.

Command Example#

!cyberark-pas-safe-add safe_name="TestSafe1" description="safe for tests" number_of_days_retention=100

Context Example#

{
"CyberArkPAS": {
"Safes": {
"AutoPurgeEnabled": false,
"Description": "safe for tests",
"Location": "\\",
"ManagingCPM": "",
"NumberOfDaysRetention": 100,
"NumberOfVersionsRetention": null,
"OLACEnabled": true,
"SafeName": "TestSafe1"
}
}
}

Human Readable Output#

Results#

AutoPurgeEnabledDescriptionLocationManagingCPMNumberOfDaysRetentionNumberOfVersionsRetentionOLACEnabledSafeName
falsesafe for tests\ 100trueTestSafe1

cyberark-pas-safe-update#


Update a single safe in the vault.

To run this command, you must have Manage Safes permission in the Vault.

Base Command#

cyberark-pas-safe-update

Input#

Argument NameDescriptionRequired
safe_nameThe name of the safe that will be updated.Required
descriptionThe description of the updated safe.Optional
OLAC_enabledWhether or not to enable Object Level Access Control (OLAC) for the updated
safe. Valid values are: 'true' or 'false'. Default is 'true'.
Optional
managing_cpmThe name of the Central Policy Manager (CPM) user who will manage the updated safe.Optional
number_of_versions_retentionThe number of retained versions of every password that is stored in the updated safe.Optional
number_of_days_retentionThe number of days for which password versions are saved in the updated safe.Optional
safe_new_nameThe new name of the safe.Optional
locationThe location of the updated safe.Optional

Context Output#

PathTypeDescription
CyberArkPAS.Safes.SafeNameStringThe name of the updated safe.
CyberArkPAS.Safes.DescriptionStringThe description of the updated safe.
CyberArkPAS.Safes.LocationStringThe location of the updated safe.
CyberArkPAS.Safes.ManagingCPMStringThe name of the Central Policy Manager (CPM) user who will manage the safe.
CyberArkPAS.Safes.NumberOfDaysRetentionNumberThe number of retained versions of every password that is stored in the updated safe.
CyberArkPAS.Safes.NumberOfVersionsRetentionNumberThe number of days for which password versions are saved in the updated safe.
CyberArkPAS.Safes.OLACEnabledBooleanWhether or not to enable Object Level Access Control (OLAC) for the updated safe.

Command Example#

!cyberark-pas-safe-update safe_name=TestSafe1 safe_new_name=UpdatedName1 description=UpdatedSafe number_of_days_retention=150

Context Example#

{
"CyberArkPAS": {
"Safes": {
"AutoPurgeEnabled": false,
"Description": "UpdatedSafe",
"Location": "\\",
"ManagingCPM": "",
"NumberOfDaysRetention": 150,
"NumberOfVersionsRetention": null,
"OLACEnabled": true,
"SafeName": "UpdatedName1"
}
}
}

Human Readable Output#

Results#

AutoPurgeEnabledDescriptionLocationManagingCPMNumberOfDaysRetentionNumberOfVersionsRetentionOLACEnabledSafeName
falseUpdatedSafe\ 150trueUpdatedName1

cyberark-pas-safe-delete#


Delete a safe from the vault.

To run this command, you must have Manage Safes permission in the Safe.

Base Command#

cyberark-pas-safe-delete

Input#

Argument NameDescriptionRequired
safe_nameThe name of the safe that will be deleted.Required

Context Output#

PathTypeDescription
CyberArkPAS.Safes.DeletedBooleanWhether the safe was deleted.

Command Example#

!cyberark-pas-safe-delete safe_name=UpdatedName1

Context Example#

{
"CyberArkPAS": {
"Safes": {
"Deleted": true,
"SafeName": "UpdatedName1"
}
}
}

Human Readable Output#

Safe UpdatedName1 was deleted

cyberark-pas-safe-members-list#


Return a list of the members of the safe.

To run this command, you must have View Safe Members permission in the Safe.

Base Command#

cyberark-pas-safe-members-list

Input#

Argument NameDescriptionRequired
safe_nameThe name of the safe whose safe members will be listed.Required

Context Output#

PathTypeDescription
CyberArkPAS.Safes.Members.MemberNameStringThe names of the safe members.
CyberArkPAS.Safes.Members.MembershipExpirationDateNumberThe expiration dates of the safe members.
CyberArkPAS.Safes.Members.PermissionsUnknownThe permissions of the safe members.
CyberArkPAS.Safes.Members.SearchInStringThe vault or domain where the users or groups was found.

Command Example#

!cyberark-pas-safe-members-list safe_name=UpdatedName1

Context Example#

{
"CyberArkPAS": {
"Safes": {
"Members": [
{
"IsExpiredMembershipEnable": false,
"IsPredefinedUser": true,
"MemberName": "Administrator",
"MemberType": "User",
"MembershipExpirationDate": null,
"Permissions": {
"AccessWithoutConfirmation": true,
"AddAccounts": true,
"BackupSafe": true,
"CreateFolders": true,
"DeleteAccounts": true,
"DeleteFolders": true,
"InitiateCPMAccountManagementOperations": true,
"ListAccounts": true,
"ManageSafe": true,
"ManageSafeMembers": true,
"MoveAccountsAndFolders": true,
"RenameAccounts": true,
"RequestsAuthorizationLevel1": true,
"RequestsAuthorizationLevel2": false,
"RetrieveAccounts": true,
"SpecifyNextAccountContent": true,
"UnlockAccounts": true,
"UpdateAccountContent": true,
"UpdateAccountProperties": true,
"UseAccounts": true,
"ViewAuditLog": true,
"ViewSafeMembers": true
}
},
{
"IsExpiredMembershipEnable": false,
"IsPredefinedUser": false,
"MemberName": "TestUser1",
"MemberType": "User",
"MembershipExpirationDate": null,
"Permissions": {
"AccessWithoutConfirmation": false,
"AddAccounts": false,
"BackupSafe": false,
"CreateFolders": false,
"DeleteAccounts": false,
"DeleteFolders": false,
"InitiateCPMAccountManagementOperations": false,
"ListAccounts": false,
"ManageSafe": false,
"ManageSafeMembers": false,
"MoveAccountsAndFolders": false,
"RenameAccounts": false,
"RequestsAuthorizationLevel1": false,
"RequestsAuthorizationLevel2": false,
"RetrieveAccounts": false,
"SpecifyNextAccountContent": false,
"UnlockAccounts": false,
"UpdateAccountContent": false,
"UpdateAccountProperties": false,
"UseAccounts": true,
"ViewAuditLog": false,
"ViewSafeMembers": false
}
}
]
}
}
}

Human Readable Output#

There are 2 safe members for UpdatedName1#

IsExpiredMembershipEnableIsPredefinedUserMemberNameMemberTypeMembershipExpirationDatePermissions
falsetrueAdministratorUserUseAccounts: true
RetrieveAccounts: true
ListAccounts: true
AddAccounts: true
UpdateAccountContent: true
UpdateAccountProperties: true
InitiateCPMAccountManagementOperations: true
SpecifyNextAccountContent: true
RenameAccounts: true
DeleteAccounts: true
UnlockAccounts: true
ManageSafe: true
ManageSafeMembers: true
BackupSafe: true
ViewAuditLog: true
ViewSafeMembers: true
AccessWithoutConfirmation: true
CreateFolders: true
DeleteFolders: true
MoveAccountsAndFolders: true
RequestsAuthorizationLevel1: true
RequestsAuthorizationLevel2: false
falsefalseTestUser1UserUseAccounts: true
RetrieveAccounts: false
ListAccounts: false
AddAccounts: false
UpdateAccountContent: false
UpdateAccountProperties: false
InitiateCPMAccountManagementOperations: false
SpecifyNextAccountContent: false
RenameAccounts: false
DeleteAccounts: false
UnlockAccounts: false
ManageSafe: false
ManageSafeMembers: false
BackupSafe: false
ViewAuditLog: false
ViewSafeMembers: false
AccessWithoutConfirmation: false
CreateFolders: false
DeleteFolders: false
MoveAccountsAndFolders: false
RequestsAuthorizationLevel1: false
RequestsAuthorizationLevel2: false

cyberark-pas-safe-member-add#


Add an existing user as a safe member. Uses the V1 of the API and may change in the future.

To run this command, you must have Manage Safe Members permission in the Vault.

Base Command#

cyberark-pas-safe-member-add

Input#

Argument NameDescriptionRequired
member_nameThe name of the user to add as a safe member.Required
search_inSearch for the member in the vault or domain.Optional
membership_expiration_dateThe membership expiration date in the format MM\DD\YY. Leave empty if there is no expiration date.Optional
permissionsThe user’s permissions in the safe.
Valid values: UseAccounts, RetrieveAccounts, ListAccounts, AddAccounts, UpdateAccountContent, UpdateAccountProperties, InitiateCPMAccountManagementOperations, InitiateCPMAccountManagementOperations, SpecifyNextAccountContent, RenameAccounts, DeleteAccounts, UnlockAccounts, ManageSafe, ManageSafeMembers, BackupSafe, ViewAuditLog, ViewAuditLog, ViewSafeMembers, AccessWithoutConfirmation, CreateFolders, DeleteFolders, MoveAccountsAndFolders
e.g., UseAccounts,RetrieveAccounts
Optional
safe_nameThe name of the safe to add a member to.Required
requests_authorization_levelThe request authorization levels.
0 – cannot authorize
1 – authorization level 1
2 – authorization level 2
Default is '0'.
Optional

Context Output#

PathTypeDescription
CyberArkPAS.Safes.Members.MemberNameStringThe name of the safe member.
CyberArkPAS.Safes.Members.MembershipExpirationDateNumberThe expiration date of the safe member.
CyberArkPAS.Safes.Members.PermissionsUnknownThe permissions of the safe member.
CyberArkPAS.Safes.Members.SearchInStringThe vault or domain where the user or group was found.

Command Example#

!cyberark-pas-safe-member-add member_name="TestUser1" safe_name="UpdatedName1"

Context Example#

{
"CyberArkPAS": {
"Safes": {
"Members": {
"MemberName": "TestUser1",
"MembershipExpirationDate": "",
"Permissions": [
{
"Key": "UseAccounts",
"Value": false
},
{
"Key": "RetrieveAccounts",
"Value": false
},
{
"Key": "ListAccounts",
"Value": false
},
{
"Key": "AddAccounts",
"Value": false
},
{
"Key": "UpdateAccountContent",
"Value": false
},
{
"Key": "UpdateAccountProperties",
"Value": false
},
{
"Key": "InitiateCPMAccountManagementOperations",
"Value": false
},
{
"Key": "SpecifyNextAccountContent",
"Value": false
},
{
"Key": "RenameAccounts",
"Value": false
},
{
"Key": "DeleteAccounts",
"Value": false
},
{
"Key": "UnlockAccounts",
"Value": false
},
{
"Key": "ManageSafe",
"Value": false
},
{
"Key": "ManageSafeMembers",
"Value": false
},
{
"Key": "BackupSafe",
"Value": false
},
{
"Key": "ViewAuditLog",
"Value": false
},
{
"Key": "ViewSafeMembers",
"Value": false
},
{
"Key": "AccessWithoutConfirmation",
"Value": false
},
{
"Key": "CreateFolders",
"Value": false
},
{
"Key": "DeleteFolders",
"Value": false
},
{
"Key": "MoveAccountsAndFolders",
"Value": false
},
{
"Key": "RequestsAuthorizationLevel",
"Value": 0
}
],
"SearchIn": "vault"
}
}
}
}

Human Readable Output#

Results#

MemberNameMembershipExpirationDatePermissionsSearchIn
TestUser1{'Key': 'UseAccounts', 'Value': False},
{'Key': 'RetrieveAccounts', 'Value': False},
{'Key': 'ListAccounts', 'Value': False},
{'Key': 'AddAccounts', 'Value': False},
{'Key': 'UpdateAccountContent', 'Value': False},
{'Key': 'UpdateAccountProperties', 'Value': False},
{'Key': 'InitiateCPMAccountManagementOperations', 'Value': False},
{'Key': 'SpecifyNextAccountContent', 'Value': False},
{'Key': 'RenameAccounts', 'Value': False},
{'Key': 'DeleteAccounts', 'Value': False},
{'Key': 'UnlockAccounts', 'Value': False},
{'Key': 'ManageSafe', 'Value': False},
{'Key': 'ManageSafeMembers', 'Value': False},
{'Key': 'BackupSafe', 'Value': False},
{'Key': 'ViewAuditLog', 'Value': False},
{'Key': 'ViewSafeMembers', 'Value': False},
{'Key': 'AccessWithoutConfirmation', 'Value': False},
{'Key': 'CreateFolders', 'Value': False},
{'Key': 'DeleteFolders', 'Value': False},
{'Key': 'MoveAccountsAndFolders', 'Value': False},
{'Key': 'RequestsAuthorizationLevel', 'Value': 0}
vault

cyberark-pas-safe-member-update#


Update an existing safe member. Uses the V1 of the API and may change in the future.

To run this command, you must have Manage Safe Members permission in the Vault.

Base Command#

cyberark-pas-safe-member-update

Input#

Argument NameDescriptionRequired
member_nameThe member name that will be updated.Required
membership_expiration_dateThe membership expiration date in the format MM\DD\YY. Leave empty if there is no expiration date.Optional
permissionsThe user’s permissions in the safe.
Valid values are:
UseAccounts, RetrieveAccounts, ListAccounts, AddAccounts, UpdateAccountContent, UpdateAccountProperties, InitiateCPMAccountManagementOperations, InitiateCPMAccountManagementOperations, SpecifyNextAccountContent, RenameAccounts, DeleteAccounts, UnlockAccounts, ManageSafe, ManageSafeMembers, BackupSafe, ViewAuditLog, ViewAuditLog, ViewSafeMembers, RequestsAuthorizationLevel, AccessWithoutConfirmation, CreateFolders, DeleteFolders, MoveAccountsAndFolders
e.g., UseAccounts,RetrieveAccounts
Optional
safe_nameThe name of the safe to which the safe member belongs.Required
requests_authorization_levelRequest authorization levels.
0 – cannot authorize
1 – authorization level 1
2 – authorization level 2
Default is: '0'.
Optional

Context Output#

PathTypeDescription
CyberArkPAS.Safes.Members.MemberNameStringThe name of the safe member.
CyberArkPAS.Safes.Members.MembershipExpirationDateNumberThe expiration date of the safe member.
CyberArkPAS.Safes.Members.PermissionsUnknownThe permissions of the safe member.
CyberArkPAS.Safes.Members.SearchInStringThe vault or domain where the user or group was found.

Command Example#

!cyberark-pas-safe-member-update member_name="TestUser1" safe_name="UpdatedName1" permissions=UseAccounts

Context Example#

{
"CyberArkPAS": {
"Safes": {
"Members": {
"MembershipExpirationDate": "",
"Permissions": [
{
"Key": "UseAccounts",
"Value": true
},
{
"Key": "RetrieveAccounts",
"Value": false
},
{
"Key": "ListAccounts",
"Value": false
},
{
"Key": "AddAccounts",
"Value": false
},
{
"Key": "UpdateAccountContent",
"Value": false
},
{
"Key": "UpdateAccountProperties",
"Value": false
},
{
"Key": "InitiateCPMAccountManagementOperations",
"Value": false
},
{
"Key": "SpecifyNextAccountContent",
"Value": false
},
{
"Key": "RenameAccounts",
"Value": false
},
{
"Key": "DeleteAccounts",
"Value": false
},
{
"Key": "UnlockAccounts",
"Value": false
},
{
"Key": "ManageSafe",
"Value": false
},
{
"Key": "ManageSafeMembers",
"Value": false
},
{
"Key": "BackupSafe",
"Value": false
},
{
"Key": "ViewAuditLog",
"Value": false
},
{
"Key": "ViewSafeMembers",
"Value": false
},
{
"Key": "AccessWithoutConfirmation",
"Value": false
},
{
"Key": "CreateFolders",
"Value": false
},
{
"Key": "DeleteFolders",
"Value": false
},
{
"Key": "MoveAccountsAndFolders",
"Value": false
},
{
"Key": "RequestsAuthorizationLevel",
"Value": 0
}
]
}
}
}
}

Human Readable Output#

Results#

MembershipExpirationDatePermissions
{'Key': 'UseAccounts', 'Value': True},
{'Key': 'RetrieveAccounts', 'Value': False},
{'Key': 'ListAccounts', 'Value': False},
{'Key': 'AddAccounts', 'Value': False},
{'Key': 'UpdateAccountContent', 'Value': False},
{'Key': 'UpdateAccountProperties', 'Value': False},
{'Key': 'InitiateCPMAccountManagementOperations', 'Value': False},
{'Key': 'SpecifyNextAccountContent', 'Value': False},
{'Key': 'RenameAccounts', 'Value': False},
{'Key': 'DeleteAccounts', 'Value': False},
{'Key': 'UnlockAccounts', 'Value': False},
{'Key': 'ManageSafe', 'Value': False},
{'Key': 'ManageSafeMembers', 'Value': False},
{'Key': 'BackupSafe', 'Value': False},
{'Key': 'ViewAuditLog', 'Value': False},
{'Key': 'ViewSafeMembers', 'Value': False},
{'Key': 'AccessWithoutConfirmation', 'Value': False},
{'Key': 'CreateFolders', 'Value': False},
{'Key': 'DeleteFolders', 'Value': False},
{'Key': 'MoveAccountsAndFolders', 'Value': False},
{'Key': 'RequestsAuthorizationLevel', 'Value': 0}

cyberark-pas-safe-member-delete#


Remove a specific member from a safe. Uses the V1 of the API and may change in the future.

To run this command, you must have Manage Safe Members permission in the Safe.

Base Command#

cyberark-pas-safe-member-delete

Input#

Argument NameDescriptionRequired
safe_nameThe name of the safe to delete a member from.Required
member_nameThe name of the safe member to delete from the safe’s list of members.Required

Context Output#

PathTypeDescription
CyberArkPAS.Safes.Members.DeletedBooleanWhether the safe member was deleted.

Command Example#

!cyberark-pas-safe-member-delete member_name=TestUser1 safe_name=UpdatedName1

Context Example#

{
"CyberArkPAS": {
"Safes": {
"Members": {
"Deleted": true,
"MemberName": "TestUser1"
}
}
}
}

Human Readable Output#

Member TestUser1 was deleted from UpdatedName1 safe

cyberark-pas-account-add#


Add a new privileged account or SSH key to the vault.

To run this command, you must have the following permissions in the Vault:

  • Add Account
  • Update Password or Update Password Properties

Base Command#

cyberark-pas-account-add

Input#

Argument NameDescriptionRequired
account_nameThe name of the account.Required
addressThe name or address of the machine where the account will be used.Required
platform_idThe platform assigned to this account.Required
safe_nameThe name of the safe where the account will be created.Required
secret_typeThe type of password. Valid values are: 'password', 'key'. Default is 'password'.Optional
usernameThe The user name of the account.Required
passwordThe password that the user will use to log on for the first time.Required
propertiesObject containing key-value pairs to associate with the account, as defined by the account platform.
e.g., {"Location": "IT", "OwnerName": "MSSPAdmin"}
Optional
automatic_management_enabledWhether the account secret is automatically managed by the Central Policy Manager (CPM). Can be 'true' or 'false'. Default is 'true'.Optional
manual_management_reasonThe reason for disabling automatic secret management.Optional
remote_machinesList of remote machines, separated by semicolons.
e.g., server1.cyberark.com;server2.cyberark.com
Optional
access_restricted_to_remote_machinesWhether or not to restrict access to specified remote machines only. Can be 'true' or 'false'. Default is: 'true'.Optional

Context Output#

PathTypeDescription
CyberArkPAS.Accounts.idStringThe unique ID of the account.
CyberArkPAS.Accounts.categoryModificationTimeNumberThe last modified date of the account.
CyberArkPAS.Accounts.createdTimeNumberThe date the account was created.
CyberArkPAS.Accounts.nameStringThe name of the account.
CyberArkPAS.Accounts.platformIdStringThe platform assigned to this account.
CyberArkPAS.Accounts.safeNameStringThe safe where the account is created.
CyberArkPAS.Accounts.secretManagementStringWhether the account secret is automatically managed by the CPM.
CyberArkPAS.Accounts.secretTypeStringThe type of password.
CyberArkPAS.Accounts.userNameStringThe name of the account user.
CyberArkPAS.Accounts.addressStringThe name or address of the machine where the account will be used.

Command Example#

!cyberark-pas-account-add safe_name=TestSafe1 account_name=TestAccount1 address=/ password=12345Aa platform_id=WinServerLocal username=TestUser

Context Example#

{
"CyberArkPAS": {
"Accounts": {
"address": "/",
"categoryModificationTime": 1597863168,
"createdTime": 1597863168,
"id": "89_3",
"name": "TestAccount1",
"platformId": "WinServerLocal",
"safeName": "TestSafe1",
"secretManagement": {
"automaticManagementEnabled": true,
"lastModifiedTime": 1597848768
},
"secretType": "password",
"userName": "TestUser"
}
}
}

Human Readable Output#

Results#

addresscategoryModificationTimecreatedTimeidnameplatformIdsafeNamesecretManagementsecretTypeuserName
/1597863168159786316889_3TestAccount1WinServerLocalTestSafe1automaticManagementEnabled: true
lastModifiedTime: 1597848768
passwordTestUser

cyberark-pas-account-delete#


Delete a specific account in the vault.

To run this command, you must have Delete Accounts permission in the Vault.

Base Command#

cyberark-pas-account-delete

Input#

Argument NameDescriptionRequired
account_idThe unique ID of the account to delete.Required

Context Output#

PathTypeDescription
CyberArkPAS.Accounts.DeletedBooleanWhether the safe was deleted.

Command Example#

!cyberark-pas-account-delete account_id= 89_3

Context Example#

{
"CyberArkPAS": {
"Accounts": {
"Deleted": true,
"id": "89_3"
}
}
}

Human Readable Output#

Account 89_3 was deleted

cyberark-pas-account-update#


Update the details of an existing account.

To run this command, you must have the following permissions in the Safe:

  • For updating account properties: Update Password Properties.
  • For renaming accounts: Rename Accounts.
  • For moving accounts to a different folder: Move Accounts or Move Folders.

Base Command#

cyberark-pas-account-update

Input#

Argument NameDescriptionRequired
account_idThe unique ID of the account to update.Required
account_nameThe name of the account to update.Optional
addressThe name or address of the machine where the account will be used.Optional
platform_idThe platform assigned to this account.Optional
usernameThe user name of the account.Optional

Context Output#

PathTypeDescription
CyberArkPAS.Accounts.idStringThe unique ID of the account.
CyberArkPAS.Accounts.categoryModificationTimeNumberThe last modified date of the account.
CyberArkPAS.Accounts.createdTimeNumberThe date the account was created.
CyberArkPAS.Accounts.nameStringThe name of the account.
CyberArkPAS.Accounts.platformIdStringThe platform assigned to this account.
CyberArkPAS.Accounts.safeNameStringThe safe where the account was created.
CyberArkPAS.Accounts.secretManagementStringWhether the account secret is automatically managed by the CPM.
CyberArkPAS.Accounts.secretTypeStringThe type of password.
CyberArkPAS.Accounts.userNameStringThe user name of the account.
CyberArkPAS.Accounts.addressStringThe name or address of the machine where the account will be used.

Command Example#

!cyberark-pas-account-update account_id= 89_3 account_name=NewName

Context Example#

{
"CyberArkPAS": {
"Accounts": {
"address": "/",
"categoryModificationTime": 1597863168,
"createdTime": 1597863168,
"id": "89_3",
"name": "NewName",
"platformId": "WinServerLocal",
"safeName": "TestSafe1",
"secretManagement": {
"automaticManagementEnabled": true,
"lastModifiedTime": 1597848768
},
"secretType": "password",
"userName": "TestUser"
}
}
}

Human Readable Output#

Results#

addresscategoryModificationTimecreatedTimeidnameplatformIdsafeNamesecretManagementsecretTypeuserName
/1597863168159786316889_3NewNameWinServerLocalTestSafe1automaticManagementEnabled: true
lastModifiedTime: 1597848768
passwordTestUser

cyberark-pas-accounts-list#


Return a list of all the accounts in the vault.

To run this command, you must have List Accounts permission in the Safe.

Base Command#

cyberark-pas-accounts-list

Input#

Argument NameDescriptionRequired
searchList of keywords to search for in the accounts.
Separated with a space, e.g,. Windows admin
Optional
sortProperty or properties by which to sort the returned accounts.
The properties are followed by a comma and then 'asc' (default) or 'desc' to control the sort direction,
e.g., Windows,asc
Optional
offsetThe offset of the first account that is returned in the collection of results. Default is '0'.Optional
limitMaximum number of accounts in the returned list. Default is '50'.Optional
filterSearch for accounts filtered by a specific safe,
e.g., safeName eq 'mySafe'.
Optional

Context Output#

PathTypeDescription
CyberArkPAS.Accounts.idStringThe unique IDs of the accounts.
CyberArkPAS.Accounts.categoryModificationTimeNumberLast modified dates of the accounts.
CyberArkPAS.Accounts.createdTimeNumberDate the account was created.
CyberArkPAS.Accounts.nameStringThe names of the accounts.
CyberArkPAS.Accounts.platformIdStringThe platforms assigned to these accounts.
CyberArkPAS.Accounts.safeNameStringThe safes where the accounts were created.
CyberArkPAS.Accounts.secretManagementStringWhether the accounts secrets were automatically managed by the CPM.
CyberArkPAS.Accounts.secretTypeStringThe type of passwords.
CyberArkPAS.Accounts.userNameStringThe user names of the accounts.
CyberArkPAS.Accounts.addressStringThe names or addresses of the machine where the accounts are used.

Command Example#

!cyberark-pas-accounts-list limit=2

Context Example#

{
"CyberArkPAS": {
"Accounts": [
{
"address": "string",
"categoryModificationTime": 1594569595,
"createdTime": 1594573679,
"id": "2_6",
"name": "account1",
"platformAccountProperties": {},
"platformId": "Oracle",
"safeName": "VaultInternal",
"secretManagement": {
"automaticManagementEnabled": true,
"lastModifiedTime": 159459279
},
"secretType": "password",
"userName": "string"
},
{
"address": "string",
"categoryModificationTime": 1583345933,
"createdTime": 157312750,
"id": "2_3",
"name": "cybr",
"platformAccountProperties": {},
"platformId": "WinDomain",
"safeName": "VaultInternal",
"secretManagement": {
"automaticManagementEnabled": false,
"lastModifiedTime": 157319750,
"manualManagementReason": "NoReason"
},
"secretType": "password",
"userName": "vault"
}
]
}
}

Human Readable Output#

There are 2 accounts#

addresscategoryModificationTimecreatedTimeidnameplatformAccountPropertiesplatformIdsafeNamesecretManagementsecretTypeuserName
string159456959515945736792_6account1OracleVaultInternalautomaticManagementEnabled: true
lastModifiedTime: 1594559279
passwordstring
string158334593315731277502_3cybrWinDomainVaultInternalautomaticManagementEnabled: false
manualManagementReason: NoReason
lastModifiedTime: 1573109750
passwordvault

cyberark-pas-account-get-list-activity#


Returns the activities of a specific account that is identified by its account ID.

Base Command#

cyberark-pas-account-get-list-activity

Input#

Argument NameDescriptionRequired
account_idThe ID of the account whose activities will be retrieved.Required

Context Output#

PathTypeDescription
CyberArkPAS.Activities.ActionStringThe activity that was performed.
CyberArkPAS.Activities.ActionIDNumberThe code identification of the specific activity.
CyberArkPAS.Activities.AlertBooleanWhether or not the activity caused an alert.
CyberArkPAS.Activities.ClientIDStringThe name of the account.
CyberArkPAS.Activities.DateNumberThe date the account was created.
CyberArkPAS.Activities.MoreInfoStringMore information about the activity.
CyberArkPAS.Activities.ReasonStringThe reason given by the user for the activity.
CyberArkPAS.Activities.UserStringThe user who performed the activity.

Command Example#

!cyberark-pas-account-get-list-activity account_id= 89_3

Context Example#

{
"CyberArkPAS": {
"Activities": [
{
"Action": "Rename File",
"ActionID": 124,
"Alert": false,
"ClientID": "1",
"Date": 1597863265,
"MoreInfo": "NewName",
"Reason": "",
"User": "Administrator"
},
{
"Action": "Add File Category",
"ActionID": 105,
"Alert": false,
"ClientID": "1",
"Date": 1597863168,
"MoreInfo": "CreationMethod",
"Reason": "Value=[ABC]",
"User": "Administrator"
}
]
}
}

Human Readable Output#

Results#

ActionActionIDAlertClientIDDateMoreInfoReasonUser
Rename File124false11597863265NewNameAdministrator
Add File Category105false11597863168CreationMethodValue=[ABC]Administrator

cyberark-pas-account-get-details#


Returns information for the specified account, identified by the account ID.

To run this command, you must have List Accounts permission in the Safe.

Base Command#

cyberark-pas-account-get-details

Input#

Argument NameDescriptionRequired
account_idThe ID of the account for which to retrieve information.Required

Context Output#

PathTypeDescription
CyberArkPAS.Accounts.idStringThe unique ID of the account.
CyberArkPAS.Accounts.categoryModificationTimeNumberThe date the account was last modified.
CyberArkPAS.Accounts.createdTimeNumberThe date the account was created.
CyberArkPAS.Accounts.nameStringThe name of the account.
CyberArkPAS.Accounts.platformIdStringThe platform assigned to this account.
CyberArkPAS.Accounts.safeNameStringThe safe where the account is created.
CyberArkPAS.Accounts.secretManagementStringWhether the account secret is automatically managed by the CPM.
CyberArkPAS.Accounts.secretTypeStringThe type of password.
CyberArkPAS.Accounts.userNameStringThe name of the account user.
CyberArkPAS.Accounts.addressStringThe name or address of the machine where the account will be used.

Command Example#

!cyberark-pas-account-get-details account_id=46_7

Context Example#

{
"CyberArkPAS": {
"Accounts": {
"address": "address.com",
"categoryModificationTime": 1597581174,
"createdTime": 1595431869,
"id": "46_7",
"name": "Operating System-UnixSSH",
"platformAccountProperties": {
"Tags": "SSH",
"UseSudoOnReconcile": "No"
},
"platformId": "UnixSSH",
"safeName": "Linux Accounts",
"secretManagement": {
"automaticManagementEnabled": true,
"lastModifiedTime": 1595417469,
"lastReconciledTime": 1576120341,
"status": "success"
},
"secretType": "password",
"userName": "user1"
}
}
}

Human Readable Output#

Results#

addresscategoryModificationTimecreatedTimeidnameplatformAccountPropertiesplatformIdsafeNamesecretManagementsecretTypeuserName
address1597581174159543186946_7Operating System-UnixSSHUseSudoOnReconcile: No
Tags: SSH
UnixSSHLinux AccountsautomaticManagementEnabled: true
status: success
lastModifiedTime: 1595417469
lastReconciledTime: 1576120341
passworduser1

cyberark-pas-credentials-change-in-vault-only#


Enable users to set account credentials and change them in the vault.

To run this command, you must have Update Password Value credentials in the Safe where the privileged account is stored.

Base Command#

cyberark-pas-credentials-change-in-vault-only

Input#

Argument NameDescriptionRequired
account_idThe unique ID of the account.Required
new_credentialsThe new account credentials that will be allocated to the account in the vault.Required

Context Output#

There is no context output for this command.

Command Example#

!cyberark-pas-credentials-change-in-vault-only account_id=89_4 new_credentials=1234Asw

Human Readable Output#

The password in the account 89_4 was changed

cyberark-pas-credentials-verify#


Mark an account for verification by the Central Policy Manager (CPM).

To run this command, you must have Initiate CPM password management operations permission in the Safe where the privileged account is stored.

Base Command#

cyberark-pas-credentials-verify

Input#

Argument NameDescriptionRequired
account_idThe unique ID of the account.Required

Context Output#

There is no context output for this command.

Command Example#

!cyberark-pas-credentials-verify account_id=89_4

Human Readable Output#

The account 89_4 was marked for verification by the CPM

cyberark-pas-credentials-reconcile#


Mark an account for automatic reconciliation by the Central Policy Manager (CPM).

To run this command, you must have Initiate CPM password management operations permission in the Safe where the privileged account is stored.

Base Command#

cyberark-pas-credentials-reconcile

Input#

Argument NameDescriptionRequired
account_idThe unique ID of the account.Required

Context Output#

There is no context output for this command.

Command Example#

!cyberark-pas-credentials-reconcile account_id=89_4

Human Readable Output#

The account 89_4 was marked for automatic reconciliation by the CPM.

cyberark-pas-credentials-change-random-password#


Mark an account for an immediate credentials change by the CPM to a new random value.

To run this command, you must have the following permissions in the Safe where the privileged account is stored:

  • Initiate CPM password management operations
  • Specify next password value

Base Command#

cyberark-pas-credentials-change-random-password

Input#

Argument NameDescriptionRequired
account_idThe unique ID of the account.Required

Context Output#

There is no context output for this command.

Command Example#

!cyberark-pas-credentials-change-random-password account_id=89_4

Human Readable Output#

The password in the account 89_4 was changed

cyberark-pas-credentials-change-set-new-password#


Enable users to set the account's credentials to use for the next Central Policy Manager (CPM) change.

To run this command, you must have Update Password Value credentials in the Safe where the privileged account is stored.

Base Command#

cyberark-pas-credentials-change-set-new-password

Input#

Argument NameDescriptionRequired
account_idThe unique ID of the account.Required
new_credentialsThe new account credentials that will be allocated to the account in the vault.Required

Context Output#

There is no context output for this command.

Command Example#

!cyberark-pas-credentials-change-set-new-password account_id=89_4

Human Readable Output#

The password in the account 89_4 was changed

cyberark-pas-security-events-get#


Return all Privileged Threat Analytics (PTA) security events.

Base Command#

cyberark-pas-security-events-get

Input#

Argument NameDescriptionRequired
start_timeThe starting date to get the security events from. Must be in the following timestamp format:
(<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year).
Required
limitThe number of events that will be shown, from newest to oldest. Default is '50'.Optional

Context Output#

PathTypeDescription
CyberArkPAS.SecurityEvents.idNumberThe unique ID of the security events.
CyberArkPAS.SecurityEvents.additionalDataStringAdditional data about the security events.
CyberArkPAS.SecurityEvents.audits.createTimeNumberThe time the security events were created.
CyberArkPAS.SecurityEvents.lastUpdateTimeNumberThe last update time of the security events.
CyberArkPAS.SecurityEvents.mStatusStringThe status of the security events.
CyberArkPAS.SecurityEvents.scoreNumberThe score of the security events.
CyberArkPAS.SecurityEvents.typeStringThe type of the security events.

Command Example#

!cyberark-pas-security-events-get start_time="3 days" limit=2

Context Example#

{
"CyberArkPAS": {
"SecurityEvents": [
{
"additionalData": {
"reason": "ip",
"station": "1.1.1.1",
"vault_user": "administrator"
},
"audits": [
{
"action": "Logon",
"cloudData": {},
"createTime": 1597864497000,
"id": "1a2b3c4d",
"sensorType": "VAULT",
"source": {
"mOriginalAddress": "1.1.1.1",
"mResolvedAddress": {
"mAddress": "1.1.1.1",
"mFqdn": "1-2-3-4",
"mHostName": "1-2-3-4",
"mOriginalAddress": "1.1.1.1",
}
},
"type": "VAULT_LOGON",
"vaultUser": "Administrator"
}
],
"createTime": 1597864497000,
"id": "1",
"lastUpdateTime": 1597864497000,
"mStatus": "OPEN",
"score": 25.751749103263528,
"type": "VaultViaIrregularIp"
},
{
"additionalData": {
"reason": "ip",
"station": "1.1.1.1",
"vault_user": "administrator"
},
"audits": [
{
"action": "Logon",
"cloudData": {},
"createTime": 1597864209000,
"id": "5f3d7911e4b0b8d4ac363b1b",
"sensorType": "VAULT",
"source": {
"mOriginalAddress": "1.1.1.1",
"mResolvedAddress": {
"mAddress": "1.1.1.1",
"mFqdn": "1-2-3-4",
"mHostName": "1-2-3-4",
"mOriginalAddress": "1.1.1.1",
}
},
"type": "VAULT_LOGON",
"vaultUser": "Administrator"
}
],
"createTime": 1597864209000,
"id": "2",
"lastUpdateTime": 1597864209000,
"mStatus": "OPEN",
"score": 25.751749103263528,
"type": "VaultViaIrregularIp"
}
]
}
}

Human Readable Output#

Results#

additionalDataauditscreateTimeidlastUpdateTimemStatusscoretype
station: 1.1.1.1
reason: ip
vault_user: administrator
{'id': '1', 'type': 'VAULT_LOGON', 'sensorType': 'VAULT', 'action': 'Logon', 'createTime': 1597864497000, 'vaultUser': 'Administrator', 'source': {'mOriginalAddress': '1.1.1.1', 'mResolvedAddress': {'mOriginalAddress': '1.1.1.1', 'mAddress': '1.1.1.1', 'mHostName': '1-2-3-4', 'mFqdn': '1-2-3-4'}}, 'cloudData': {}}159786449700011597864497000OPEN25.751749103263528VaultViaIrregularIp
station: 1.1.1.1
reason: ip
vault_user: administrator
{'id': '2', 'type': 'VAULT_LOGON', 'sensorType': 'VAULT', 'action': 'Logon', 'createTime': 1597864209000, 'vaultUser': 'Administrator', 'source': {'mOriginalAddress': '1.1.1.1', 'mResolvedAddress': {'mOriginalAddress': '1.1.1.1', 'mAddress': '1.1.1.1', 'mHostName': '1-2-3-4', 'mFqdn': '1-2-3-4'}}, 'cloudData': {}}159786420900021597864209000OPEN25.751749103263528VaultViaIrregularIp